Cisco report highlights security woes

[Nick]

Seeking balance in work and personal tools

Published: 1/09/2010 at 12:00 AM
Newspaper section: Database
 
Cisco has launched its 2010 mid-year security report, which has shown a sea change in how businesses use IT resources with borderless networks, while IT departments struggle to provide security while coping with users using their personal phones to access corporate IT resources and cloud computing, which processes data outside the corporate data centre.

Steve Ledzian, Regional SE Manager—Asia, Security Technologies and Solutions, Cisco.

Steve Ledzian, Regional SE Manager - Asia, Security Technologies and Solutions, said that IT departments cannot fight tectonic shifts and today everyone is focused on the consumerisation of IT.

Users embrace new technology in their personal life. These same users are going to resist if they cannot use these same devices in the workplace.

IT departments face a dilemma. Do they want their user population to be productive and use the tools they want, or do they want to be secure, managed and with acceptable use policies enforced?

Ledzian said that when an IT department says no, half of end users admit to circumventing those policies, and 27 percent say that they have changed settings on corporate devices anyway.

Worse, IT is then seen as getting in the way of business.

A good example is what happened with instant messaging. When IM first came out, many IT departments said they did not want users chatting all day. Today Ledzian has many IM clients, some internal to his company, others open and connecting to key partners and clients. IM is now recognised as an invaluable business tool.

Social networks are following the same trend. Seventy five percent of people surveyed say that collaboration is critical success. Ninety percent say collaboration makes them more effective. The flip side is that seven percent say they spend more than an hour a day playing Farm-Ville on Facebook.

Lastly, the report identified that spam will rise by 30 percent over 2009 levels. That will be a problem to organisations with content-based spam filters, as they will need 30 percent more processing power. Cisco Ironport uses reputation-based identification of spam and this will cope much better with the increase in traffic.

Ledzian said that against this backdrop, Cisco is reacting with what it calls the borderless network.

In the past, the organisation had a clear border, a network firewall with trusted resources in the data centre and employees in the office, and everything else outside. Today, that border is no more. The Cisco executive himself spends only one or two days a week in the office, working off his laptop, smart phone or tablet.

To complicate this, cloud services now mean that application and data that used to be inside the data centre are also out there in the cloud.

Lastly we have a mesh of connectivity: The user in the coffee shop accessing Salesforce in the cloud, a transaction that never passes the corporate firewall.

The question is how IT can continue to provide secure connectivity, defending against malware and make sure the right people are accessing resources while enabling productivity.

Cisco offers AnyConnect secure mobility, a combination of Cisco ASA firewall and Cisco Ironport. For instance, it provides gated, controlled access to Salesforce. Traditionally, when an employee leaves, his Active Directory entry is deleted and can no longer access email and other corporate assets. However, someone might forget to delete the employee's Salesforce account and he can still download customer data to take to his new employer.

With AnyConnect, all employees are required to log in to the corporate network via VPN (virtual private network) and the authentication gets passed to the Cisco web security appliance. This gets extended via SAML (Security Assertion Markup Language) to enable single sign-on across a variety of services, including Salesforce. In this scenario, if the employee leaves, the single sign-on will be broken. Nor would he will be able to log into Salesforce directly, as he would never have known his login credentials.

It can be federated so that a global corporation can have multiple entry points. The client will ping all the nodes and select the fastest one with the lowest latency.

AnyConnect also allows reputation-based protection for the web for its users.

Ledzian said that reputation-based filtering was invented by Ironport to stop spam. Content was irrelevant as it was the reputation of the sender which signalled if a message was spam or not.

After Cisco acquired Ironport, it was clear that the same concept of reputation could be extended not just to email senders, but to web objects, not just web pages. This led to Cisco Security Intelligence Operations that takes data from global networks. These feeds are analysed and correlated across email and firewalls.

This means that the Bot Net (networks of compromised machines that can be remotely controlled) that was used to send spam on Monday is already recognised and Cisco Security Intelligence Operations can already protect against its next DDOS attack on Wednesday.

Email security works both ways. Incoming email can be filtered and outgoing mail can be fed through a data loss prevention filter. Cisco here partners with RSA and allows for checkbox-style email policy compliance to be enforced. Adding PCI (payment card industry) compliance is literally as easy as a checkbox and all outgoing mail will be checked for data that could be a breach of PCI rules.

All of this is done via a simple enforced VPN client as users do not want a hundred different programs running on their PC.

For this range of clients, Cisco is targeting everyone, not just the large players, as every company has a spam and malware problem. It will target the large corporates itself and works through an ecosystem of partners for the rest of the market.

The report can be downloaded at http://www.cisco.com/web/go/securityreport. Cisco Ironport has a list of threats at http://www.ironport.com/toc which lists current malware outbreaks and the response time to protection comparing Ironport and other anti-virus vendors Sophos, McAfee, Trend Micro and Symantec.



About the author

Writer: Don Sambandaraksa
Position: Database Reporter


ที่มา: bangkokpost.com